Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• Toyota Motor Corporation issued a recall April 22 for 16,656 of its model year 2016 Toyota RAV4, Lexus RX350, and Lexus ES350 vehicles due to faulty brake actuators that may have been assembled with a damaged O-ring. – TheCarConnection.com

3. April 22, TheCarConnection.com – (National) Brake-related recall widens to include 2016
Toyota RAV4, Lexus RX350, ES350. Toyota Motor Corporation issued a recall
April 22 for 16,656 of its model year 2016 Toyota RAV4, Lexus RX350, and Lexus
ES350 vehicles sold in the U.S. due to faulty brake actuators that may have
been assembled with a damaged O-ring which can cause the brake fluid pressure
to be improperly controlled during Anti-Lock Braking System (ABS), Traction
Control System (TRAC), and Vehicle Stability Control System (VSC) activation,
thereby increasing the required stopping distance and increasing the risk of a
crash. Source:
http://www.thecarconnection.com/news/1103559_brake-related-recall-widens-to-include-2016-toyota-rav4-lexus-rx350-es350

5. April 22,
CNN – (International) Gear shift confusion causes Chrysler recall. Fiat
Chrysler Automobiles (FCA) issued a recall April 22 for approximately 812,000
of its model years 2012 – 2014 Dodge Charger and Chrysler 300 vehicles, and
model years 2014 – 2015 Jeep Grand Cherokee SUVs sold in the U.S. due to a
problematic gear selector that does not move position when set to park,
reverse, or drive, thereby making it difficult to determine what gear the
vehicle is in. The recall follows reports to FCA of 41 driver injuries potentially
related to the selector. The recall affects a total of 1.1 million vehicles
worldwide. Source:
http://money.cnn.com/2016/04/22/autos/chrysler-gearshift-recall/

• Service between the Van Ness-UDC and Medical Center stations on Washington Metropolitan Area Transit Authority’s Red Line was disrupted for several hours April 23 due to a track fire that forced passengers to evacuate. – Washington Post

• A 6-alarm fire April 24 in Brooklyn, New York, damaged 6 homes and 1 church, displaced more than a dozen people, and prompted the response of more than 200 firefighters. – WABC 7 New York City

25. April 25,
WABC 7 New York City – (New York) Fast-moving fire destroys several homes in
Brooklyn. A 6-alarm fire April 24 in Brooklyn, New York, damaged 6 homes
and 1 church, displaced more than a dozen people, and prompted the response of
more than 200 firefighters. Nine people were injured and officials believe that
the fire began in a three-story home and spread to surrounding areas. Source: http://abc7ny.com/news/fast-moving-fire-destroys-several-homes-in-brooklyn/1307258/

Financial Services Sector

Nothing to report

Information Technology Sector

20. April 25,
Help Net Security – (International) Compromised credentials still to blame for
many data breaches. A Cloud Security Alliance survey found that a lack of
scalable identity access management systems, a lack of ongoing automated
rotation of cryptographic keys, passwords, and certificates, as well as failure
to use multifactor authentication were the major causes of data breaches. The
findings also indicated that 22 percent of companies that suffered a data
breach attributed the breach to compromised credentials. Source: https://www.helpnetsecurity.com/2016/04/25/compromised-credentials-data-breaches/

21. April 25,
Help Net Security – (International) Critical flaws in HP Data Protector open
servers to remote attacks. Hewlett Packard released security updates for
its HP Data Protector software, patching six critical vulnerabilities in all
versions prior to 7.03_108, 8.15, and 9.06 that could allow remote code
execution or unauthorized disclosure of information by unauthenticated
users or through an embedded Secure Sockets Layer (SSL) private key, which
could increase the chance of man-in-the-middle (MitM) attacks. Source: https://www.helpnetsecurity.com/2016/04/25/critical-flaws-hp-data-protector/

22. April 22,
SecurityWeek – (International) Attackers use PowerShell, Google Docs to
deliver “Laziok” trojan. Security researchers from FireEye reported that attackers
were able to bypass Google’s security checks and upload a trojan named Laziok
to Google Docs with the intention to steal information about the user’s system
by loading obfuscated JavaScript code known as “Unicorn,” as well as using
“Godmode” and PowerShell to execute the malware. Source: http://www.securityweek.com/attackers-deliver-laziok-trojan-google-docs

23. April 22,
SecurityWeek – (International) Attacker friendly hosting firm leveraged by
Pawn Storm hackers. Security researchers from Micro Trend reported that the
Pawn Storm Group was abusing a small Virtual Private Server (VPS) registered in
the United Arab Emirates (UAE) to attack governments in 80 countries including
Bulgaria, Greece, Malaysia, Ukraine, and the U.S., and was seen executing more
than 100 cyber-attacks within the past year. In addition, it was discovered
that the group used the VPS hosting provider for command & control
(C&C) servers, exploit sites, spear-phishing campaigns, domestic espionage
in Russia, and Web mail phishing sites targeting high-profile users. Source: http://www.securityweek.com/attacker-friendly-hosting-firm-leveraged-pawn-storm-hackers

For another story, see item 14 below from the Healthcare Sector

14. April 22,
Softpedia – (International) Windows XP, IE, and Flash Usage blamed for
poor security of healthcare sector. Security researchers from Duo Security
reported that many healthcare organizations were using outdated software or
software prone to exploit kits (EK) after discovering that 33 percent of
healthcare organizations were using Internet Explorer 11 rather than using
updated versions of Google Chrome, and that 52 percent of healthcare
organizations were using Flash Player software on all their computers, among
other collected data. Source: http://news.softpedia.com/news/windows-xp-ie-and-flash-usage-blamed-for-poor-security-of-healthcare-sector-503342.shtml

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"